OpenID Foundation creates the first global standards for real-time security event sharing across digital identity systems

The OpenID Foundation (OIDF) has announced that it has approved three Final Specifications, creating the first global standards for real-time security event sharing across digital identity systems. The OpenID Foundation membership has approved the following three specifications as an OpenID Final Specifications:

. OpenID Shared Signals Framework: https://openid.net/specs/openid-sharedsignals-framework-1_0-final.html

. OpenID CAEP: https://openid.net/specs/openid-caep-1_0-final.html

. OpenID RISC: https://openid.net/specs/openid-risc-1_0-final.html

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision. These three Final Specifications are the product of the OpenID Shared Signals Working Group.

Acording to Mo Joueid, Advisor on Cloud and Identity Security at SailPoint, „if you are a CISO, here are 5 reasons why this matters:

1) Continuous Identity Risk/Zero Trust – Your identity platform should consume and act on real-time posture changes. Whether’s a human user, a machine, or an AI agent, the platform should dynamically revoke or adjust access the moment risk changes.

2) Incident Response Integration with RISC – Your platform should both send and receive high-impact compromise signals. That way, a stolen password or API key in one system immediately triggers protections across all others.

3) Logging, Auditing, and Verification – Your identity fabric should provide defensible audit trails across all identities. Without this, you can’t prove continuous compliance or trust automated responses.

4) Privacy and Data Protection Controls – The right platform implements privacy-by-design: minimal identifiers, pseudonymisation, and configurable sharing rules. This keeps you compliant while still enabling real-time protection.

5) Partner and Ecosystem Interoperability – Look for broad vendor support. A platform that aligns to SSF/CAEP/RISC ensures your fabric extends across SaaS, PAM, cloud, and supply chain – not just inside your perimeter.

___________

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.